If you just want to process the data without exploring heuristic dissectors, try a post-dissector.
There is a sample capture attached to Issue 16227 - LLDP: Add ONOS TLV (and ethernet types).
Train Top Protocol
ttdp data: 00:00:01:6e:97:7f:f7:ac
ttdp data: 2d:58:32:97:0b:a8:e8:72:9d:6d:b6:d9:49:c1:04:38:d7:70:97:e5:b3:3d:15:fa:bf:33:5c:00:5c:70:67:77
-- TTDP.lua
-- https://ask.wireshark.org/question/27062/how-can-i-write-a-dissector-for-a-part-of-the-lldp-payload-in-lua/
-- Grab and format fields as needed
-- Step 1 - document as you go. See header above and set_plugin_info().
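-- Plugin metadata handed to set_plugin_info().
local ttdp_info = {
    version = "1.0.0",
    author = "Chuck Craft",
    description = "Print lldp.unknown_subtype.content",
}
set_plugin_info(ttdp_info)

-- Step 2 - create a protocol to attach new fields to
local ttdp_p = Proto.new("ttdp", "Train Top Protocol")

-- Step 3 - add some field(s) to Step 2 protocol
local pf = { payload = ProtoField.string("ttdp.payload", "ttdp data") }
ttdp_p.fields = pf

-- Step 4 - grab existing field(s) for processing
-- Kept local: a bare global here would be visible to (and overwritable by)
-- any other Lua script loaded into the same Lua state.
-- NOTE(review): the extractor is keyed only on the generic LLDP
-- "unknown subtype" content field; nothing visible here restricts it to a
-- particular OUI or subtype, so presumably every such TLV ends up labelled
-- "ttdp data" - confirm that is intended before relying on the label.
local ttdp_payload_f = Field.new("lldp.unknown_subtype.content")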
-- Step 5 - create the postdissector function that will run on each frame/packet
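--- Postdissector body: copies each lldp.unknown_subtype.content value found
-- in the frame into a "Train Top Protocol" subtree as a ttdp.payload string.
-- Frames without that field get no subtree.
-- @param tvb   packet buffer (not read here)
-- @param pinfo packet info (not read here)
-- @param root  tree item the new subtree is attached to
function ttdp_p.dissector(tvb, pinfo, root)
    -- Collect every value the extractor yields for this frame. Declared
    -- local so the per-frame list does not leak into the global environment.
    local finfo = { ttdp_payload_f() }
    if #finfo == 0 then
        return
    end

    local tree = root:add(ttdp_p)

    -- Numeric loop keeps the values in the order the extractor returned them;
    -- pairs() does not guarantee any order.
    for i = 1, #finfo do
        -- tostring() gives the text form of the value on every Lua version;
        -- string.format("%s", v) rejects non-string arguments on Lua 5.1.
        tree:add(pf.payload, tostring(finfo[i]))
    end
end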
-- Step 6 - register the new protocol as a postdissector; its dissector
-- function (Step 5) is then run on each frame/packet, so keep that function cheap.
register_postdissector(ttdp_p)